psa_hash_verify() function

Active hash operation.

Buffer containing the expected hash value.

Size of the \p hash buffer in bytes.

Add a message fragment to a multipart hash operation. The application must call psa_hash_setup() before calling this function. If this function returns an error status, the operation enters an error state and must be aborted by calling psa_hash_abort().

Abort a hash operation. Aborting an operation frees all associated resources except for the \p operation structure itself. Once aborted, the operation object can be reused for another operation by calling psa_hash_setup() again. You may call this function any time after the operation object has been initialized by one of the methods described in #psa_hash_operation_t. In particular, calling psa_hash_abort() after the operation has been terminated by a call to psa_hash_abort(), psa_hash_finish() or psa_hash_verify() is safe and has no effect.

Set up a multipart hash operation. The sequence of operations to calculate a hash (message digest) is as follows: -# Allocate an operation object which will be passed to all the functions listed here. -# Initialize the operation object with one of the methods described in the documentation for #psa_hash_operation_t, e.g. #PSA_HASH_OPERATION_INIT. -# Call psa_hash_setup() to specify the algorithm. -# Call psa_hash_update() zero, one or more times, passing a fragment of the message each time. The hash that is calculated is the hash of the concatenation of these messages in order. -# To calculate the hash, call psa_hash_finish(). To compare the hash with an expected value, call psa_hash_verify(). If an error occurs at any step after a call to psa_hash_setup(), the operation will need to be reset by a call to psa_hash_abort(). The application may call psa_hash_abort() at any time after the operation has been initialized. After a successful call to psa_hash_setup(), the application must eventually terminate the operation. The following events terminate an operation: - A successful call to psa_hash_finish() or psa_hash_verify(). - A call to psa_hash_abort().

Finish the calculation of the hash of a message. The application must call psa_hash_setup() before calling this function. This function calculates the hash of the message formed by concatenating the inputs passed to preceding calls to psa_hash_update(). When this function returns successfully, the operation becomes inactive. If this function returns an error status, the operation enters an error state and must be aborted by calling psa_hash_abort(). \warning Applications should not call this function if they expect a specific value for the hash. Call psa_hash_verify() instead. Beware that comparing integrity or authenticity data such as hash values with a function such as \c memcmp is risky because the time taken by the comparison may leak information about the hashed data which could allow an attacker to guess a valid hash and thereby bypass security controls.

Clone a hash operation. This function copies the state of an ongoing hash operation to a new operation object. In other words, this function is equivalent to calling psa_hash_setup() on \p target_operation with the same algorithm that \p source_operation was set up for, then psa_hash_update() on \p target_operation with the same input that that was passed to \p source_operation. After this function returns, the two objects are independent, i.e. subsequent calls involving one of the objects do not affect the other object.